Hello.
Today I saw that there is a Cross-Site Scripting vulnerability in PhocaGallery <=3.2.3.
secunia.com/advisories/53382/
Cross-Site Scripting Vulnerability
- myrtus
- Phoca Enthusiast

- Posts: 74
- Joined: 29 Jul 2009, 18:16
- Jan
- Phoca Hero

- Posts: 49125
- Joined: 10 Nov 2007, 18:23
- Location: Czech Republic
Re: Cross-Site Scripting Vulnerability
Hi, I tested it but got no such problem; in any case, the plupload library with its swf has been updated to the latest version (where there should be no problems).
Please update to Phoca Gallery 3.2.4
Jan
If you find Phoca extensions useful, please support the project
- myrtus
- Phoca Enthusiast

- Posts: 74
- Joined: 29 Jul 2009, 18:16
Re: Cross-Site Scripting Vulnerability
Hi Jan,
Thank you very much. Are there only changes in the folder plupload? If yes, I can upload only this folder, because I have made some changes in the gallery.
Best regards,
myrtus
- josk
- Phoca Newbie

- Posts: 6
- Joined: 07 Apr 2013, 20:23
Re: Cross-Site Scripting Vulnerability
I tested this with the 4.0 version for Joomla 3.0 and there the problem still existed.
- Jan
- Phoca Hero

- Posts: 49125
- Joined: 10 Nov 2007, 18:23
- Location: Czech Republic
Re: Cross-Site Scripting Vulnerability
Hi, in Phoca Gallery 3.2.4 there were changes in plupload and in output files (default.php, ...)
joskf
Phoca Gallery 4 is a development version and should be used for testing only. The next version (it seems stable) will include a new plupload version.
Jan